Date posted: 21-Dec-2015
Chapter Objectives
After completing this chapter you will be able to:
Identify the characteristics and features of IP
Describe IP addressing
Explain the purpose and operation of different protocols in the TCP/IP suite, including DNS, ARP, ICMP, TCP, UDP and DHCP
Understand IPv6
Internet Protocol (IP)
Provides logical 32-bit network addresses
Routes data packets
Connectionless protocol
– No session is established
“Best effort” delivery
Reliability is responsibility of higher-layer protocols and
applications
Fragments and reassembles packets
[Figure: Internet Protocol (IP). Host A: IP fires and forgets; reliability and sequencing sit above IP and the network interface. Router: IP routes if possible. Host B: IP delivers as received; reliability and sequencing sit above IP and the network interface. Labels: PACKET, Fragmented Packet.]
IP Packet Structure
Each row is 32 bits (4 Bytes) wide:
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination address
Options (variable) | Padding
DATA (variable)
IP header is normally 20 bytes long
Type of Service (TOS), field widths in bits:
PRECEDENCE (3) | D (1) | T (1) | R (1) | UNUSED (2)
D = Delay, T = Throughput, R = Reliability
Fragmentation
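[Figure: an original IP packet (IP header plus data area) travels FDDI (MTU = 4500 bytes), then ETHERNET between Router1 and Router2 (MTU = 1500 bytes), then FDDI (MTU = 4500 bytes). On the Ethernet segment it is carried as IP Hdr 1 + Data 1, IP Hdr 2 + Data 2, IP Hdr 3 + Data 3.]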
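The fragmentation step in the figure, worked through in code. This is an added example, not part of the original slides; the 4000-byte packet, the identification value and the helper names are constructed for illustration, and the addresses are the two hosts used elsewhere in this chapter.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(total_len, ident, flags, frag_off, ttl=64, proto=17,
                 src=bytes([193, 160, 1, 5]), dst=bytes([193, 160, 2, 83])):
    """20-byte IPv4 header (IHL = 5, no options)."""
    fields = [(4 << 4) | 5, 0, total_len, ident, (flags << 13) | frag_off,
              ttl, proto, 0, src, dst]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def fragment(packet: bytes, mtu: int) -> list[bytes]:
    """Split an unfragmented, option-free IPv4 packet so each piece fits `mtu`."""
    if len(packet) <= mtu:
        return [packet]
    ident, flags_off = struct.unpack("!HH", packet[4:8])
    if flags_off & 0x4000:
        # DF bit set: a router drops the packet and reports ICMP type 3, code 4.
        raise ValueError("fragmentation needed and DF set")
    ttl, proto = packet[8], packet[9]
    payload = packet[20:]
    step = (mtu - 20) // 8 * 8          # fragment offsets count 8-byte units
    frags = []
    for start in range(0, len(payload), step):
        chunk = payload[start:start + step]
        more = 1 if start + step < len(payload) else 0   # MF flag
        hdr = build_header(20 + len(chunk), ident, more, start // 8, ttl, proto,
                           packet[12:16], packet[16:20])
        frags.append(hdr + chunk)
    return frags

def describe(frag: bytes):
    """Return (total length, offset in 8-byte units, MF flag, checksum valid)."""
    total_len, _, flags_off = struct.unpack("!HHH", frag[2:8])
    return (total_len, flags_off & 0x1FFF, (flags_off >> 13) & 1,
            ip_checksum(frag[:20]) == 0)

def reassemble(frags: list[bytes]) -> bytes:
    """Rebuild the payload at the destination; fragments may arrive in any order."""
    ordered = sorted(frags, key=lambda f: describe(f)[1])
    data = b""
    for f in ordered:
        if describe(f)[1] * 8 != len(data):
            raise ValueError("gap or overlap between fragments")
        data += f[20:]
    if describe(ordered[-1])[2]:
        raise ValueError("last fragment missing (MF still set)")
    return data

# Constructed sample: a 4000-byte packet (20-byte header + 3980 bytes of data)
# arriving from the FDDI side and forwarded onto Ethernet (MTU 1500).
SAMPLE = build_header(4000, 0x1234, 0, 0) + bytes(range(256)) * 15 + bytes(140)
FRAGS = fragment(SAMPLE, 1500)

if __name__ == "__main__":
    for f in FRAGS:
        print(describe(f))
```

Each fragment carries its own 20-byte header, so the three fragments total 4040 bytes on the wire for 3980 bytes of data.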
The IP Address
[Figure: two networks, 193.160.1.0 and 193.160.2.0, with the addresses 193.160.1.1, 193.160.2.1, 193.160.1.5 and 193.160.2.83.]
Binary Format: 11000001 10100000 00000001 00000101
Dotted Decimal Notation: 193.160.1.5
Converting from Binary to Decimal
Binary Value:   1    1    1    1    1    1    1    1
Power of 2:     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Decimal Value:  128  64   32   16   8    4    2    1
If all bits are set to 1 then the decimal value is 255 i.e. 1+2+4+8+16+32+64+128=255
Traditional IP Address Classes
CLASS A: first bit 0, then NET ID | HOST ID
CLASS B: first bits 1 0, then NET ID | HOST ID
CLASS C: first bits 1 1 0, then NET ID | HOST ID
          Number of Networks   Hosts per Network   1st Octet
Class A   126                  16,777,214          1 – 126
Class B   16,384               65,534              128 – 191
Class C   2,097,152            254                 192 – 223
Traditional IP Address Classes (Contd)
Class D
– Used for multicast group usage - first 4 high-order bits are 1110
– 1st Octet between 224 and 239
– Address format: 1 1 1 0 | Group Identification
Class E
– Reserved for future use - first 5 high-order bits are 11110
Addressing Guidelines
Network ID cannot be 127
– 127 is reserved for loop-back function
Network ID and host ID cannot be 255 (all bits set to 1)
– 255 is a broadcast address
Network ID and host ID cannot be 0 (all bits set to 0)
– 0 means “this network only”
Host ID must be unique to the network
Private IP Address Space
10.0.0.0 - 10.255.255.255 1 “Class A” network
172.16.0.0 - 172.31.255.255 16 “Class B” networks
192.168.0.0 - 192.168.255.255 256 “Class C” networks
Subnet Mask
Blocks out a portion of the IP address to distinguish the Network ID
from the host ID
Specifies whether the destination’s host IP address is located on a
local network or on a remote network
The source’s IP address is ANDed with its subnet mask. The
destination’s IP address is ANDed with the same subnet mask. If the
result of both ANDing operations match, the destination is local to the
source, that is, it is on the same subnet.
Subnet Mask Example
For example 160.30.20.10 is on the same subnet as 160.30.20.100 if the mask is 255.255.255.0
– Note: 1 AND 1 = 1. Other combinations = 0.
IP Address    160.30.20.10     10100000 00011110 00010100 00001010
Subnet Mask   255.255.255.0    11111111 11111111 11111111 00000000
Result        160.30.20.0      10100000 00011110 00010100 00000000

IP Address    160.30.20.100    10100000 00011110 00010100 01100100
Subnet Mask   255.255.255.0    11111111 11111111 11111111 00000000
Result        160.30.20.0      10100000 00011110 00010100 00000000
Subnetting
[Figure: a PRIVATE NETWORK subnetted as 160.30.0.0/24, 160.30.1.0/24, 160.30.2.0/24, ..., 160.30.254.0/24, 160.30.255.0/24 sends a single Routing Advertisement, 160.30.0.0/16, to the INTERNET.]
• Before subnetting: 1 network with approx. 65 thousand hosts
• After subnetting: 256 networks with 254 hosts per subnet
Example: Network with Customised Mask
Allocated IP address space 160.30.0.0/16
8 bits available for subnets and 8 bits available for host
3-octet mask 255.255.255.0
Mask           255 255 255 0    1111 1111 1111 1111 1111 1111 0000 0000
No. of Subnets
First subnet   160.30.0.x       1010 0000 0001 1110 0000 0000 xxxx xxxx
Last subnet    160.30.255.x     1010 0000 0001 1110 1111 1111 xxxx xxxx
(the first three octets are the Network part, the last octet is the Host part)
Maximum of 256 subnets (2^8)
Example: Network with Customised Mask (continued)
Allocated IP address space 160.30.0.0/16
8 bits available for subnets and 8 bits available for host
3-octet mask 255.255.255.0
Mask           255 255 255 0    1111 1111 1111 1111 1111 1111 0000 0000
No. of hosts
First host     160.30.x.1       1010 0000 0001 1110 xxxx xxxx 0000 0001
Last host      160.30.x.254     1010 0000 0001 1110 xxxx xxxx 1111 1110
(the first three octets are the Network part, the last octet is the Host part)
Maximum of 254 hosts (2^8 - 2)
Subnetting Example
Network Address 200.200.200.0, Subnet Mask 255.255.255.0
Allocated IP address space 200.200.200.0/24
Subnets:
200.200.200.0
200.200.200.64
200.200.200.128
200.200.200.192
62 hosts per network
Note: Subnet mask for each subnet = 255.255.255.192
Example Network with VLSM
Allocated IP address space 200.200.200.0/24
Required: 2 subnets with 50 hosts and 8 subnets with 10 hosts
200.200.200.0 /26 (max. of 62 hosts)
200.200.200.64 /26 (max. of 62 hosts)
200.200.200.128 /28 (max. of 14 hosts)
200.200.200.144 /28
200.200.200.160 /28
200.200.200.176 /28
200.200.200.192 /28 (max. of 14 hosts)
200.200.200.208 /28
200.200.200.224 /28
200.200.200.240 /28
Note: Subnet masks /26 = 255.255.255.192, /28 = 255.255.255.240
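The VLSM plan above, and the subnet-mask ANDing rule from the Subnet Mask slides, as an added example that is not part of the original slides. The function names are made up for illustration, and the largest-first allocation order is an assumption about how such a plan is usually derived.

```python
import ipaddress

def same_subnet(src: str, dst: str, mask: str) -> bool:
    """AND both addresses with the source's mask; equal results mean 'local'."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(src)) & m) == (int(ipaddress.IPv4Address(dst)) & m)

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose subnet still offers `hosts` usable addresses.

    A subnet with h host bits has 2^h - 2 usable addresses, because the
    all-zeros and all-ones host IDs are reserved.
    """
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(block: str, requirements: list[int]) -> list[ipaddress.IPv4Network]:
    """Carve `block` into subnets sized for each host count, largest first."""
    net = ipaddress.IPv4Network(block)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    subnets = []
    for hosts in sorted(requirements, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to the subnet size
        if prefix < net.prefixlen or cursor + size > end:
            raise ValueError(f"{block} cannot hold another subnet of {hosts} hosts")
        subnets.append(ipaddress.IPv4Network((cursor, prefix)))
        cursor += size
    return subnets

if __name__ == "__main__":
    # Requirement from the slide: 2 subnets with 50 hosts, 8 subnets with 10 hosts.
    for subnet in vlsm_allocate("200.200.200.0/24", [50, 50] + [10] * 8):
        print(subnet, subnet.netmask, subnet.num_addresses - 2, "hosts")
    print(same_subnet("160.30.20.10", "160.30.20.100", "255.255.255.0"))
```

Allocating the largest subnets first keeps every subnet aligned on its own size, which is why the two /26 blocks come before the eight /28 blocks.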
Example Network with VLSM
[Figure: three sites (Site A, Site B, Site C) with LAN 1, LAN 2 and LAN 3. Subnets and masks shown: 160.40.140.0 255.255.252.0; 160.40.144.0 255.255.252.0; 160.40.148.0 255.255.252.0; 160.40.152.0 255.255.252.0; 160.40.156.0 255.255.255.0; 160.40.157.4 255.255.255.252; 160.40.157.12 255.255.255.252. Interface addresses shown: 160.40.140.1, 160.40.144.1, 160.40.148.1, 160.40.152.1, 160.40.156.1, 160.40.157.5, 160.40.157.6, 160.40.157.13, 160.40.157.14.]
Variable Length Subnets from 1 to 16
CIDR Prefix-length   Subnet Mask    # Individual Addresses   # Classful Networks
/1                   128.0.0.0      2048 M                   128 A
/2                   192.0.0.0      1024 M                   64 A
/3                   224.0.0.0      512 M                    32 A
/4                   240.0.0.0      256 M                    16 A
/5                   248.0.0.0      128 M                    8 A
/6                   252.0.0.0      64 M                     4 A
/7                   254.0.0.0      32 M                     2 A
/8                   255.0.0.0      16 M                     1 A or 256 Bs
/9                   255.128.0.0    8 M                      128 B
/10                  255.192.0.0    4 M                      64 B
/11                  255.224.0.0    2 M                      32 B
/12                  255.240.0.0    1 M                      16 B
/13                  255.248.0.0    524,286                  8 B
/14                  255.252.0.0    262,142                  4 B
/15                  255.254.0.0    131,070                  2 B
/16                  255.255.0.0    65,534                   1 B or 256 Cs
Variable Length Subnets from 17 to 30
CIDR Prefix-length   Subnet Mask        # Individual Addresses   # Classful Networks
/17                  255.255.128.0      32,766                   128 Cs
/18                  255.255.192.0      16,382                   64 Cs
/19                  255.255.224.0      8,190                    32 Cs
/20                  255.255.240.0      4,094                    16 Cs
/21                  255.255.248.0      2,046                    8 Cs
/22                  255.255.252.0      1,022                    4 Cs
/23                  255.255.254.0      510                      2 Cs
/24                  255.255.255.0      254                      1 C
/25                  255.255.255.128    126                      1/2 C
/26                  255.255.255.192    62                       1/4 C
/27                  255.255.255.224    30                       1/8 C
/28                  255.255.255.240    14                       1/16 C
/29                  255.255.255.248    6                        1/32 C
/30                  255.255.255.252    2                        1/64 C
CIDR Route Aggregation
[Figure: an ISP connected to The INTERNET, with the labels 200.25.0.0/16 and 200.25.16.0/20, serving Company A, Company B, Company C and Company D. The /24 networks are grouped under four aggregates:]
200.25.16.0/21: 200.25.16.0/24, 200.25.17.0/24, 200.25.18.0/24, 200.25.19.0/24, 200.25.20.0/24, 200.25.21.0/24, 200.25.22.0/24, 200.25.23.0/24
200.25.24.0/22: 200.25.24.0/24, 200.25.25.0/24, 200.25.26.0/24, 200.25.27.0/24
200.25.28.0/23: 200.25.28.0/24, 200.25.29.0/24
200.25.30.0/23: 200.25.30.0/24, 200.25.31.0/24
Subnet ID Tables
No. of Bits in Mask   Subnet Mask        Subnet IDs
3rd Octet
16                    255.255.0.0        0
17                    255.255.128.0      0, 128
18                    255.255.192.0      0, 64, 128, 192
19                    255.255.224.0      0,32,64,96,128,160,192,224
20                    255.255.240.0      0,16,32,48,64,80,96,112,128,144,160,176,192,208,224,240
21                    255.255.248.0      0,8,16,24,32,40,48,56,64,...,216,224,232,240,248
22                    255.255.252.0      0,4,8,12,16,20,24,28,32,...,236,240,244,248,252
23                    255.255.254.0      0,2,4,6,8,10,12,14,16,18,...,246,248,250,252,254
24                    255.255.255.0      0,1,2,3,4,5,6,7,8,9,10,11,...,251,252,253,254,255
4th Octet
25                    255.255.255.128    0, 128
26                    255.255.255.192    0, 64, 128, 192
27                    255.255.255.224    0,32,64,96,128,160,192,224
28                    255.255.255.240    0,16,32,48,64,80,96,112,128,144,160,176,192,208,224,240
29                    255.255.255.248    0,8,16,24,32,40,48,56,64,...,216,224,232,240,248
30                    255.255.255.252    0,4,8,12,16,20,24,28,32,...,236,240,244,248,252
DNS - Domain Name System
Internet addresses are hard for humans to remember
- Easy for protocol software to work with.
Symbolic names are more natural for humans
- Hard for protocol software to work with.
[Figure: Humans and Protocol software, with the name Kiss.val.com and the address 185.26.69.125.]
Internet Domain Name Space
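[Figure: domain name tree. Generic top-level domains: int, com, edu, gov, mil, org, net. Country top-level domains: us, se, ie. Names shown beneath them: ericsson, eng, Oxford, CS, eng, ai, Linda, robot, Pizza, cookie, 4Star, Krusty, Burger.]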
Domain Name Resolution
[Figure: name tree from the root (.) to com, then Ericsson, Juniper and ACC, then sales, eng and research.]
Domain Name Resolution
[Figure: a DNS Client sends a Recursive query to its Local Name Server; the Local Name Server sends Iterative queries to the Root Name Server, the Com Name Server, ericsson.com and eng.ericsson.com. The messages are numbered 1 to 10.]
DNS Caching
Internet name servers use name caching to reduce the traffic on the
Internet and improve performance
Servers report cached information to clients, but mark it as a non-
authoritative binding
If efficiency is important, the client will choose to accept the non-
authoritative answer and proceed
If accuracy is important the client will choose to contact the authority
and verify that the binding between name and address is still valid
Whenever an authority responds to a request, it includes a Time To
Live (TTL) value in the response that specifies how long it guarantees
the binding to remain
Address Resolution Protocol (ARP)
A source must know a destination’s hardware address before it can
send an IP packet directly to it
ARP is the mechanism that maps IP to hardware addresses
ARP uses a local broadcast to obtain a hardware address dynamically
ARP stores mappings in cache for future use
Static entries can be manually entered into the ARP cache
Address Resolution Protocol (ARP)
Source: 160.30.100.20, 00-AA-00-12-34-56
Destination: 160.30.100.10, 00-A0-C9-78-9A-BC
Broadcast (source to all stations): “If your IP address is 160.30.100.10 please send me a reply stating your hardware address”
Unicast (destination to source): “That’s me and my Hardware address is 00-A0-C9-78-9A-BC”
Remote Networks
ARP Packet Structure
Each row is 32 bits (4 Bytes) wide; the address fields are variable length:
Hardware Type | Protocol Type
HLEN | PLEN | Operation code
Sender’s Hardware Address (Octets 0-3)
Sender HA (Octets 4-5) | Sender IP (Octets 0-1)
Sender IP (Octets 2-3) | Target HA (Octets 0-1)
Target HA (octets 2 - 5)
Target IP (octets 0 - 3)
Reverse Address Resolution Protocol
Reverse ARP is the mechanism that maps hardware addresses to
the IP address
RARP protocol allows a newly booted machine to broadcast its
Ethernet address
The RARP server sees this request and sends back the
corresponding IP address
Internet Control Message Protocol (ICMP)
Reports errors and sends control messages on behalf of IP
ICMP messages are encapsulated within an IP packet
One of the most frequently used debugging tools uses ICMP
ICMP Message Format
IP Header ...
Type | Code | Checksum
Identifier | Sequence Number
Optional Data ...
ICMP Message Types
TYPE FIELD   ICMP Message Type
0            Echo Reply
3            Destination Unreachable
4            Source Quench
5            Redirect (change a route)
8            Echo Request
11           Time exceeded for a packet
12           Parameter problem on a packet
13           Timestamp request
14           Timestamp reply
15           Information request (obsolete)
16           Information reply (obsolete)
17           Address mask request
18           Address mask reply
Echo Request and Reply Message Format
IP Header ...
Type = 8 (or 0) | Code = 0 | Checksum
Identifier | Sequence Number
Optional Data ...
These messages test whether a destination is reachable and
responding, by sending ICMP echo requests and receiving back
ICMP echo replies.
This test is carried out by using the “PING” command.
Reports of Unreachable Destinations
Code Value   Meaning
0            Network unreachable
1            Host unreachable
2            Protocol unreachable
3            Port unreachable
4            Fragmentation needed and DF set
5            Source route failed
6            Destination network unknown
7            Destination host unknown
8            Source host isolated
9            Communication with destination network administratively prohibited
10           Communication with destination host administratively prohibited
11           Network unreachable for type of service
12           Host unreachable for type of service
Traceroute
Traceroute uses ICMP and the TTL field in the IP header, to let us see the route that IP packets follow from one host to another.
Source sends packet with TTL set to 1
First router sends back “time exceeded” message
Source increments TTL counter by 1
Second router on path sends back “time exceeded” message
Process continues until the ultimate destination sends back a “port
unreachable” message.
Source uses the responses to display the route to the destination
Transmission Control Protocol (TCP)
Connection-oriented
Provides logical connections between a pair of processes:
– These are uniquely identified using sockets
– Socket = IP address & port number, e.g. FTP is port 21
End-to-End reliable delivery
Implements Flow Control
Transmission Control Protocol (TCP)
Units of data transferred between two devices running TCP
software are called “segments”
Segments are exchanged to do the following:
– Establish a connection
– Agree window size
– Transfer data
– Send acknowledgements
– Close connection
TCP Packet Structure
Each row is 32 bits (4 Bytes) wide:
Source Port | Destination Port
Sequence Number
Acknowledgement Number
OFFSET | Reserved | Flags | Window
Checksum | Urgent Pointer
Options | Padding
DATA
Well-known Port Numbers
Port Number   Description
7             Echo
20            File Transfer Protocol (FTP) data
21            File Transfer Protocol (FTP) control
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
53            Domain name server (DNS)
79            Finger
80            World Wide Web (WWW)
104           X400 Mail Sending
139           NetBIOS session service
160 - 223     Reserved
Establishing a TCP Connection
Client to Server: SYN, SEQ # 1,000, Window 8,760 bytes, Max. segment 1,460 bytes
Server to Client: SYN, SEQ # 3,000, ACK # 1,001, Window 8,760 bytes, Max. segment 1,460 bytes
Client to Server: ACK, SEQ # 1001, ACK # 3001
Positive Acknowledgement with Retransmit
Events at Sender Site | Network Messages | Events at Receiver Site
Send Packet 1, Start Timer | Packet lost | Packet should arrive, ACK should be sent
ACK would normally arrive at this time | |
Timer Expires | |
Retransmit Packet 1, Start Timer | | Receive Packet 1, Send ACK 2
Receive ACK 2, Cancel Timer | |
Sliding Window Protocol
[Figure: the Initial window; once Segments 1, 2 and 3 are acknowledged, the Window Slides.]
Sliding Window Protocol
Send Segment 1: Data, SEQ#2,000 length=100; Receive Segment 1
Send Segment 2: Data, SEQ#2,100 length=100; Receive Segment 2
Send ACK 3 for next segment expected: ACK#2,200
Send Segment 3: Data, SEQ#2,200 length=100; Receive Segment 3
Send ACK 4 for next segment expected: ACK#2,300
Slow Start Algorithm
Slow Start adds another window to the sender's TCP: the congestion window, called "cwnd"
When a new connection is established with a host on another network, the congestion window is initialised to one segment
Each time an ACK is received, the congestion window is increased by one segment
The sender can transmit up to the minimum of the congestion window and the advertised window
Slow Start provides an exponential growth (send one segment, then two, then four, and so on)
The congestion window is flow control imposed by the sender, while the advertised window is flow control imposed by the receiver
Congestion Avoidance and Slow Start algorithm
Initialisation for a given connection sets cwnd to one segment and Slow Start threshold to 65535 bytes
The TCP output routine never sends more than the minimum of cwnd and the receiver's advertised window
When congestion occurs (indicated by a timeout or the reception of duplicate ACKs), one-half of the current window size is saved in ssthresh. Additionally, if the congestion is indicated by a timeout, cwnd is set to one segment (i.e., Slow Start)
When new data is acknowledged by the other end, increase cwnd
Congestion Avoidance and Slow Start algorithm (Contd)
The way that the cwnd is increased depends on whether TCP is
performing Slow Start or Congestion Avoidance
If cwnd is less than or equal to ssthresh, TCP is in Slow Start;
otherwise TCP is performing Congestion Avoidance
Slow Start continues until TCP is halfway to where it was when
congestion occurred, and then Congestion Avoidance takes over
Slow Start sends one segment, then two, then four, and so on
Congestion Avoidance dictates that cwnd be incremented by
segsize*segsize/cwnd each time an ACK is received
This is a linear growth of cwnd, compared to Slow Start's
exponential growth
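The Slow Start and Congestion Avoidance rules above, simulated one round trip at a time. This is an added example, not part of the original slides; the class and function names are made up, it assumes every segment sent in a round trip is acknowledged, and the 1,460-byte segment size is taken from the connection-establishment slide.

```python
class TcpSender:
    """Sender-side window state as described in the slides (all sizes in bytes)."""

    def __init__(self, segsize=1460, rwnd=65535):
        self.segsize = segsize
        self.rwnd = rwnd            # receiver's advertised window
        self.cwnd = segsize         # congestion window starts at one segment
        self.ssthresh = 65535       # Slow Start threshold

    def window(self) -> int:
        """The sender may transmit up to min(cwnd, advertised window)."""
        return min(self.cwnd, self.rwnd)

    def phase(self) -> str:
        return "slow start" if self.cwnd <= self.ssthresh else "congestion avoidance"

    def on_ack(self) -> None:
        if self.cwnd <= self.ssthresh:
            self.cwnd += self.segsize                               # exponential
        else:
            self.cwnd += self.segsize * self.segsize // self.cwnd   # linear

    def on_timeout(self) -> None:
        """Congestion signalled by a timeout: halve the window, restart Slow Start."""
        self.ssthresh = self.window() // 2
        self.cwnd = self.segsize

    def round_trip(self) -> int:
        """Send a full window, receive one ACK per segment; return segments sent."""
        sent = self.window() // self.segsize
        for _ in range(sent):
            self.on_ack()
        return sent


def simulate(rtts: int, timeout_after: int, **sender_args):
    """Return [(rtt, phase at start, segments sent, cwnd afterwards), ...].

    A timeout is injected after round trip `timeout_after` (0 = never).
    """
    sender = TcpSender(**sender_args)
    trace = []
    for rtt in range(1, rtts + 1):
        phase = sender.phase()
        sent = sender.round_trip()
        trace.append((rtt, phase, sent, sender.cwnd))
        if rtt == timeout_after:
            sender.on_timeout()
    return trace


if __name__ == "__main__":
    for row in simulate(rtts=12, timeout_after=5):
        print(row)
```

In the printed trace the segments per round trip double until the timeout, double again up to the saved ssthresh, and then grow by less than one segment per round trip.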
Fast Retransmit
TCP may generate an immediate acknowledgement (a duplicate ACK) when an out-of-order segment is received
The purpose of this duplicate ACK is to let the other end know that a segment was received out of order, and to tell it what sequence number is expected
Since TCP does not know whether a duplicate ACK is caused by a lost segment or just a reordering of segments, it waits for a small number of duplicate ACKs to be received
If three or more duplicate ACKs are received in a row, it is a strong indication that a segment has been lost
TCP then performs a retransmission of what appears to be the missing segment, without waiting for a retransmission timer to expire
Fast Recovery Algorithm
After Fast Retransmit sends what appears to be the missing
segment, Congestion Avoidance, but not Slow Start, is performed
The reason for not performing Slow Start in this case is that the
receipt of the duplicate ACKs tells TCP that there is still data
flowing between the two ends
TCP can thus avoid reducing the flow abruptly by not going into
Slow Start
The Fast Retransmit and Fast Recovery algorithms are usually
implemented together
User Datagram Protocol
Connectionless
– No session is established
Does not guarantee delivery
– No sequence numbers
– No acknowledgements
Reliability is the responsibility of the application
Uses port numbers as end points to communicate
User Datagram Protocol
UDP Packet Format
Source Port | Destination Port
Length | UDP Checksum
DATA
Checksum performed on Pseudo-Header
BOOTP (BOOTstrap Protocol)
A newly booted device may use BOOTP to obtain an IP address, a bootable file address, and configuration information.
– The client initiates a BOOTP request with a broadcast address to all stations on the local network
– The BOOTP server monitors for BOOTP requests (on UDP port 67).
– The server looks up the assigned IP address and puts it in the response message.
– It also adds the name of the BOOTP server and the name of the appropriate load file that may be executed.
– It may also add other configuration parameters such as the subnet mask and default gateway.
– The client receives the reply (on UDP port 68).
– It uses the information supplied by the server to initiate a TFTP get message to the server specified.
– The response to the TFTP get message is an executable load file.
DHCP is an enhanced version of BOOTP
BOOTP Message Format
Bit positions: 0 8 16 24 31
OP | HTYPE | HLEN | HOPS
TRANSACTION ID
SECONDS | UNUSED
CLIENT IP ADDRESS
YOUR IP ADDRESS
SERVER IP ADDRESS
ROUTER IP ADDRESS
CLIENT HARDWARE ADDRESS (16 OCTETS)
SERVER HOST NAME (64 OCTETS)
BOOT FILE NAME (128 OCTETS)
VENDOR-SPECIFIC AREA (64 OCTETS)
Dynamic Host Configuration Protocol - DHCP
[Figure: a Non-DHCP client, two DHCP clients and a DHCP server. The server's DHCP Database holds IP Address 1, IP Address 2 and IP Address 3; IP Address 1 and IP Address 2 are shown at the DHCP clients.]
1. Find a DHCP server
2. Offer an address
3. Accept an address
4. Confirmation
DHCP
DHCP supports three mechanisms for IP address allocation:
– Manual allocation
– Automatic allocation
– Dynamic allocation
DHCP Operation
DHCPDISCOVER
– Source IP address = 0.0.0.0
– Dest. IP address = 255.255.255.255
– Hardware address = 00-80-37-12-34-56
DHCPOFFER
– Source IP address = 160.30.20.10
– Dest. IP address = 255.255.255.255
– Offered IP address = 160.30.20.150
– Client Hardware address = 00-80-37-12-34-56
– Subnet mask = 255.255.255.0
– Length of lease = 72 hours
– Server identifier = 160.30.20.10
DHCP Operation
DHCPREQUEST
– Source IP address = 0.0.0.0
– Dest. IP address = 255.255.255.255
– Hardware address = 00-80-37-12-34-56
– Requested IP address = 160.30.20.150
– Server Identifier = 160.30.20.10
DHCPACK
– Source IP address = 160.30.20.10
– Dest. IP address = 255.255.255.255
– Offered IP address = 160.30.20.150
– Client Hardware address = 00.80.37.12.34.56
– Subnet mask = 255.255.255.0
– Length of lease = 72 hours
– Server Identifier = 160.30.20.10
– DHCP option: router = 160.30.20.1
DHCP Interaction through Routers
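[Figure: a PC and a DHCP Server on either side of a Router. DHCP Discover and DHCP Request travel from the PC through the Router to the DHCP Server; DHCP Offer and DHCP ACK travel back through the Router to the PC.]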
DHCP Message Format
Bit positions: 0 8 16 24 31
OP | HTYPE | HLEN | HOPS
TRANSACTION ID
SECONDS | FLAGS
CLIENT IP ADDRESS
YOUR IP ADDRESS
SERVER IP ADDRESS
ROUTER IP ADDRESS
CLIENT HARDWARE ADDRESS (16 OCTETS)
SERVER HOST NAME (64 OCTETS)
BOOT FILE NAME (128 OCTETS)
OPTIONS (VARIABLE)
IPv4 and IPv6
If IPv4 works so well then why change?
– Dramatically increase the number of IP addresses
– Provide better support for real-time applications
– Security features
8/038 13 LZUBB 108 101/2
New features of IPv6
Address size
– 128-bit addresses
Improved option mechanism
– simplifies and speeds up router processing of IPv6 packets
Address autoconfiguration
– dynamic assignment of IPv6 addresses
Increased addressing flexibility
– anycast address
Support for resource allocation
– labelling of packets to handle specialised traffic
Security capabilities
– authentication and privacy
The IPv6 Packet Format
Base Header (40 bytes) | Extension Header 1 (Optional) | ... | Extension Header N (Optional) | Data area ...
IPv4 Header
Each row is 32 bits (4 Bytes) wide:
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination address
Options (variable) | Padding
DATA (variable)
IP header is normally 20 bytes long
IPv6 Base Header
Bit positions: 0 4 8 16 24 32
Version | Priority | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address
10 x 32 bits = 40 octets
IPv6 Extension Header
Extension header             Description
Hop-by-hop options           Miscellaneous information for routers
Destination options -1       Information for 1st destination
Routing                      Full or partial route to follow
Fragmentation                Management of datagram fragments
Authentication               Verification of the sender’s identity
Encrypted security payload   Information about the encrypted contents
Destination options -2       Additional information for the final destination only
Hop-by-hop Options & Destination Options Headers
Hop-by-hop Options Header
– Read by all routers along the path
– useful for transmitting management information or debugging commands to
routers
Destination Options Header
– 2 types
one for 1st destination
one for final destination
Routing Header
Specifies a list of IP addresses that dictate what path a packet will
traverse
Type zero routing headers indicate how intermediate nodes may
forward a packet to the next address in the routing header
– strict forwarding, packets only visit routers listed in the routing header
– loose forwarding, unlisted routers can be visited by a packet
Routing Header Format
Next Header Type
Reserved
Number of Addresses
Strict/loose Bit Map
Next address
1 - 24 Addresses
Fragment Header
Field widths in bits; each row is 32 bits wide:
Next Header (8) | Reserved (8) | Fragment Offset (13) | Res (2) | M (1)
Identification (32)
Authentication Header
The authentication header provides authentication and integrity
The authentication header extension to IPv6 ensures that a packet
is actually coming from the host indicated in its source address
ESP- Encrypted Security Payload
Transport Mode
Unencrypted: IPv6 Header | Extension Headers | ESP Header
Encrypted: Transport Header and Payload
Tunnel Mode
Unencrypted: IPv6 Header | Extension Headers | ESP Header
Encrypted: IPv6 Header | Extension Headers | Transport Header and Payload
IPv6 Addressing
Like IPv4, IPv6 assigns a unique address for each connection
between a computer and a physical network
There are three types of IPv6 addresses:
– Unicast
– Multicast
– Anycast
IPv6 Colon Hexadecimal Notation
Consider a 128-bit number written in dotted decimal notation:
– 105.220.136.100.255.255.255.255.0.0.18.128.140.10.255.255
This number written in hex notation
– 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF
Leading zeros within a group can be omitted
One or more consecutive groups of 16 zero bits can be replaced by a pair of colons
– for example: FF0C:0:0:0:0:0:0:B1 can be written as:
– FF0C::B1
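The notation rules above applied to the two addresses on this slide, as an added example that is not part of the original slides. The function names are made up; this sketch only compresses runs of two or more zero groups, which is a choice of the example and leaves the first address exactly as the slide writes it.

```python
import ipaddress

def dotted_to_groups(dotted: str) -> list[int]:
    """Turn 16 dotted-decimal octets into the eight 16-bit groups of an IPv6 address."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 16 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("expected 16 octets in the range 0-255")
    return [(octets[i] << 8) | octets[i + 1] for i in range(0, 16, 2)]

def colon_hex(groups: list[int]) -> str:
    """Write groups in colon hex: drop leading zeros, compress one zero run to '::'."""
    text = [format(g, "X") for g in groups]        # leading zeros omitted
    best_start, best_len, i = -1, 0, 0
    while i < len(groups):                         # find the longest run of zeros
        if groups[i] == 0:
            j = i
            while j < len(groups) and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                               # single zero group stays as "0"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def expand(text: str) -> list[int]:
    """Parse colon hex back into eight groups; '::' may appear only once."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        parts = left + ["0"] * missing + right
    else:
        parts = text.split(":")
    groups = [int(p, 16) for p in parts]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("expected eight 16-bit groups")
    return groups

def matches_stdlib(text: str) -> bool:
    """Cross-check expand() against Python's own IPv6 parser."""
    value = 0
    for g in expand(text):
        value = (value << 16) | g
    return ipaddress.IPv6Address(value) == ipaddress.IPv6Address(text)

if __name__ == "__main__":
    slide = "105.220.136.100.255.255.255.255.0.0.18.128.140.10.255.255"
    print(colon_hex(dotted_to_groups(slide)))
    print(colon_hex(expand("FF0C:0:0:0:0:0:0:B1")))
```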
Transition to IPv6
Tunnelling
– Configured
manual configuration of IPv6/IPv4 mappings
whole IPv6 address space can be used
– Automatic
compatible address space
no advantage of the extended address space